2 files changed, 9 insertions, 3 deletions

diff --git a/lib/gitlab/background_migration/populate_untracked_uploads.rb b/lib/gitlab/background_migration/populate_untracked_uploads.rb
index f06b4ac1940..ea04484c6a1 100644
--- a/lib/gitlab/background_migration/populate_untracked_uploads.rb
+++ b/lib/gitlab/background_migration/populate_untracked_uploads.rb
@@ -204,7 +204,7 @@ module Gitlab
           file.to_h.merge(created_at: 'NOW()')
         end
 
-        Gitlab::Database.bulk_insert('uploads', rows)
+        Gitlab::Database.bulk_insert('uploads', rows, disable_quote: :created_at)
       end
 
       def drop_temp_table_if_finished
diff --git a/lib/gitlab/database.rb b/lib/gitlab/database.rb
index cd7b4c043da..16308b308b2 100644
--- a/lib/gitlab/database.rb
+++ b/lib/gitlab/database.rb
@@ -116,15 +116,21 @@ module Gitlab
     #        values.
     # return_ids - When set to true the return value will be an Array of IDs of
     #              the inserted rows, this only works on PostgreSQL.
-    def self.bulk_insert(table, rows, return_ids: false)
+    # disable_quote - A key or an Array of keys to exclude from quoting (You
+    #                 become responsible for protection from SQL injection for
+    #                 these keys!)
+    def self.bulk_insert(table, rows, return_ids: false, disable_quote: [])
       return if rows.empty?
 
       keys = rows.first.keys
       columns = keys.map { |key| connection.quote_column_name(key) }
       return_ids = false if mysql?
 
+      disable_quote = Array(disable_quote).to_set
       tuples = rows.map do |row|
-        row.values_at(*keys).map { |value| connection.quote(value) }
+        row.keys.map do |k|
+          disable_quote.include?(k) ? row[k] : connection.quote(row[k])
+        end
       end
 
       sql = <<-EOF